Microsoft Warns Against Malicious Email Campaign from NOBELIUM
Microsoft security researchers uncovered a sophisticated malicious email campaign operated by the threat actors identified as NOBELIUM, who are behind the attacks against SolarWinds. Microsoft is alerting organizations that use Microsoft solutions to help them understand the pattern of this malicious activity and how to best protect against it.
NOBELIUM payloads have mainly been delivered via phishing emails through malicious HTML documents, URLs and ISO files. If the payload is installed successfully on the target computer, the threat actor can perform malicious activities such as data exfiltration and the delivery of additional malware.
Cobalt Strike Beacon executing on the system.
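As an added example (not from Microsoft or NCSA), the following Python sketch screens one raw inbound message for the three delivery formats named above: ISO files, HTML attachments and URLs. The function names `triage` and `build_sample` and the sample message are constructed for illustration; a flagged item is a candidate for review, not a verdict.

```python
import email
import re
from email import policy
from email.message import EmailMessage

ISO_MAGIC = b"CD001"       # ISO 9660 volume descriptor identifier
ISO_MAGIC_OFFSET = 0x8001  # sector 16 (2048-byte sectors) + 1 type byte
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def triage(raw: bytes) -> dict:
    """List the ISO/HTML attachments and URLs in one raw message for review."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    iso, html, urls = [], [], set()
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        ctype = part.get_content_type()
        data = part.get_payload(decode=True) or b""
        # Check content as well as the name, so a renamed image is still caught.
        magic = data[ISO_MAGIC_OFFSET:ISO_MAGIC_OFFSET + len(ISO_MAGIC)]
        if name.endswith(".iso") or magic == ISO_MAGIC:
            iso.append(name or "<unnamed>")
        elif name.endswith((".html", ".htm")) or (
                ctype == "text/html" and part.is_attachment()):
            html.append(name or "<unnamed>")
        if ctype in ("text/plain", "text/html"):
            text = data.decode(part.get_content_charset() or "utf-8", "replace")
            urls.update(URL_RE.findall(text))
    return {"iso": iso, "html": html, "urls": sorted(urls)}


def build_sample() -> bytes:
    """Constructed test message: a URL, an HTML attachment, a renamed ISO."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "user@example.com"
    m["Subject"] = "Constructed sample"
    m.set_content("Please review: https://files.example.com/view?id=1")
    m.add_attachment("<html><body>doc</body></html>", subtype="html",
                     filename="Notice.html")
    fake_iso = b"\x00" * 0x8000 + b"\x01" + ISO_MAGIC + b"\x01\x00"
    m.add_attachment(fake_iso, maintype="application",
                     subtype="octet-stream", filename="report.dat")
    return m.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample()))
```

The extracted URLs can be checked against the blocklists already used by your mail gateway or network protection.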
The National Cyber Security Authority (NCSA) recommends that administrators take note of the following measures and implement them as soon as possible:
- Apply the latest released security patches across all Microsoft products and software in use in your environment;
- Keep monitoring the networks and systems for any suspicious activity;
- Enable network protection to prevent applications or users from accessing malicious domains and other malicious content on the internet;
- Implement centralized log management for host monitoring;
- Increase your visibility into your network by finding unmanaged devices on your network and onboarding them to the endpoint protection solutions and services in use in your environment;
- Turn on cloud-delivered protection in your antivirus software, if applicable, to cover rapidly evolving attacker tools and techniques;
- Enable multifactor authentication (MFA) for every account to mitigate compromised credentials;
- Educate users and warn them against visiting malicious websites or opening malicious attachments, and reinforce the appropriate user responses to spear-phishing emails.
For further information and support, please contact the National Cyber Security Authority (NCSA) by email at email@example.com or call us on 9009.
Microsoft Corporation - Security Updates